SIST ETS 300 392-7:1999

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Prizemni snopovni radio (TETRA) - Govor in podatki (V+D) - 7. del: VarnostTerrestrial Trunked Radio (TETRA); Voice plus Data (V+D); Part 7: Security33.070.10Prizemni snopovni radio (TETRA)Terrestrial Trunked Radio (TETRA)ICS:Ta slovenski standard je istoveten z:ETS 300 392-7 E13SIST ETS 300 392-7:1999en01-PDM-19993SIST ETS 300 392-7:1999SLOVENSKI
STANDARD



SIST ETS 300 392-7:1999



EUROPEANETS 300 392-7TELECOMMUNICATIONDecember 1996STANDARDSource: ETSI TC-RESReference: DE/RES-06001-7ICS:33.060, 33.060.50Key words:TETRA, V+D, securityRadio Equipment and Systems (RES);Trans-European Trunked Radio (TETRA);Voice plus Data (V+D);Part 7: SecurityETSIEuropean Telecommunications Standards InstituteETSI SecretariatPostal address: F-06921 Sophia Antipolis CEDEX - FRANCEOffice address: 650 Route des Lucioles - Sophia Antipolis - Valbonne - FRANCEX.400: c=fr, a=atlas, p=etsi, s=secretariat - Internet: secretariat@etsi.frTel.: +33 4 92 94 42 00 - Fax: +33 4 93 65 47 16Copyright Notification: No part may be reproduced except as authorized by written permission. The copyright and theforegoing restriction extend to reproduction in all media.© European Telecommunications Standards Institute 1996. All rights reserved.SIST ETS 300 392-7:1999



Page 2ETS 300 392-7: December 1996Whilst every care has been taken in the preparation and publication of this document, errors in content,typographical or otherwise, may occur. If you have comments concerning its accuracy, please write to"ETSI Editing and Committee Support Dept." at the address shown on the title page.SIST ETS 300 392-7:1999



Page 3ETS 300 392-7: December 1996ContentsForeword.71Scope.92Normative references.93Definitions and abbreviations.103.1Definitions.103.2Abbreviations.124Air Interface authentication and key management mechanisms.134.1Air interface authentication mechanisms.134.1.1Overview.134.1.2Authentication of a user.134.1.3Authentication of the infrastructure.144.1.4Mutual authentication of user and infrastructure.154.1.5The authentication key.174.1.5.1Generation of K.184.1.6Equipment authentication.184.2Air Interface key management mechanisms.184.2.1The DCK.184.2.2The GCK.194.2.3The CCK.204.2.4The SCK.214.2.5Encrypted Short Identity (ESI) mechanism.224.2.6Summary of AI key management mechanisms.234.3Service description and primitives.244.3.1Authentication primitives.244.3.2SCK transfer primitives.244.3.3GCK transfer primitives.254.4Definition of protocols.264.4.1Authentication state transitions.264.4.2Overview of authentication protocol.274.4.2.1Case 1: SwMI authenticates MS.274.4.2.2Case 2: MS authenticates SwMI.294.4.2.3Case 3: Mutual authentication initiated by SwMI.314.4.2.4Case 4: Mutual authentication initiated by MS.334.4.2.5Case 5: SwMI authenticates MS during registration.354.4.2.6Case 6: MS authenticates SwMI during registration.384.4.2.7Case 7: Mutual authentication initiated by MS duringregistration.404.4.2.8Case 8: SwMI rejects authentication demand from MS.424.4.2.9Case 9: MS rejects authentication demand from SwMI.424.4.3OTAR protocol functions - CCK.434.4.3.1SwMI-initiated OTAR CCK provision and subsequentSYSINFO-initiated CCK change.434.4.3.2SYSINFO-initiated CCK change and MS-initiated OTARCCK provision.454.4.3.3MS-initiated OTAR CCK provision during cell re-selectionannouncement signalling.464.4.4OTAR protocol functions - SCK.474.4.4.1MS requests provision of SCK(s).474.4.4.2SwMI provides SCK(s) to MS.484.4.5OTAR protocol functions - GCK.494.4.5.1MS requests provision of GCK.494.4.5.2SwMI provides GCK to MS.504.4.6PDU descriptions.51SIST ETS 300 392-7:1999



Page 4ETS 300 392-7: December 19964.4.6.1D-AUTHENTICATION DEMAND.544.4.6.2D-AUTHENTICATION RESPONSE.544.4.6.3D-AUTHENTICATION RESULT.554.4.6.4D-AUTHENTICATION REJECT.554.4.6.5U-AUTHENTICATION DEMAND.554.4.6.6U-AUTHENTICATION RESPONSE.564.4.6.7U-AUTHENTICATION RESULT.564.4.6.8U-AUTHENTICATION REJECT.564.4.6.9D-OTAR CCK Provide.574.4.6.10D-OTAR SCK Provide.574.4.6.11D-OTAR GCK Provide.574.4.6.12U-OTAR CCK Demand.584.4.6.13U-OTAR CCK Result.584.4.6.14U-OTAR SCK Demand.584.4.6.15U-OTAR SCK Result.594.4.6.16U-OTAR GCK Demand.594.4.6.17U-OTAR GCK Result.594.4.6.18U-TEI PROVIDE.604.4.7MM PDU type 3 information elements coding.604.4.7.1Authentication uplink.604.4.7.2Authentication downlink.604.4.8PDU Information elements coding.614.4.8.1Address extension.614.4.8.2Authentication result.614.4.8.3Authentication reject reason.614.4.8.4CCK identifier.614.4.8.5CCK key and identifier.624.4.8.6CCK information for current LA.624.4.8.7CCK provision indicator.624.4.8.8CCK request flag.624.4.8.9GCK key and identifier.634.4.8.10GCK version number.634.4.8.11GSSI.634.4.8.12Location area list.634.4.8.13Location area.634.4.8.14Mobile country code.634.4.8.15Mobile network code.644.4.8.16Mutual authentication flag.644.4.8.17Number of location areas.644.4.8.18Number of SCKs provided.644.4.8.19Number of SCKs requested.654.4.8.20OTAR sub-type.654.4.8.21PDU type.654.4.8.22Proprietary.664.4.8.23Provision result.664.4.8.24Random challenge.664.4.8.25Reject cause.674.4.8.26Random seed.674.4.8.27Response value.674.4.8.28SCK version number.674.4.8.29SCK key and identifier.674.4.8.30SCK number.684.4.8.31SCK number and result.684.4.8.32Sealed Key.684.4.8.33TEI.684.4.8.34TEI information.694.4.8.35TEI request flag.694.4.8.36Type 3 element identifier.694.5Boundary conditions for the cryptographic algorithms and procedures.694.6Dimensioning of the cryptographic parameters.734.7Summary of the cryptographic processes.745Secure enable and disable mechanism.75SIST ETS 300 392-7:1999



Page 5ETS 300 392-7: December 19965.1General relationships.755.2Enable/disable state transitions.765.3Mechanisms.765.3.1Disable of MS equipment.775.3.2Disable of MS subscription.775.3.3Disable an MS subscription and equipment.775.3.4Enable an MS equipment.775.3.5Enable an MS subscription.775.3.6Enable an MS equipment and subscription.785.4Enable/disable protocol.785.4.1General case.785.4.2Specific protocol exchanges.785.4.2.1Disabling an MS using authentication.785.4.2.2Disable an MS without authentication.805.4.2.3Enable an MS using authentication.815.4.2.4Enable an MS without authentication.835.4.3MM service primitives.845.4.3.1TNMM-DISABLING primitive.845.4.3.2TNMM-ENABLING primitive.845.4.4MM PDUs structures and contents.855.4.4.1D-DISABLE.855.4.4.2D-ENABLE.855.4.4.3U-DISABLE STATUS.865.4.5MM Information elements coding.865.4.5.1Address extension.865.4.5.2Authentication challenge.865.4.5.3Disabling type.875.4.5.4Enable/Disable result.875.4.5.5Equipment disable.875.4.5.6Equipment enable.875.4.5.7Equipment status.875.4.5.8Intent/confirm.885.4.5.9PDU Type.885.4.5.10Proprietary.885.4.5.11Subscription disable.885.4.5.12Subscription enable.885.4.5.13Subscription status.895.4.5.14TETRA equipment identity.896Air Interface (AI) encryption.896.1General principles.896.1.1Key Stream Generator (KSG).906.1.2Encryption mechanism.906.1.3KSG numbering and selection.926.1.4Interface parameters.936.1.4.1Initial Value (IV).936.1.4.2Cipher Key.936.1.5Use of cipher keys.936.1.5.1Encrypted SwMI types.946.1.5.2Identification of cipher keys.966.1.5.3Change of CCK in an LA.966.1.6Data to be encrypted.976.1.6.1Downlink control channel requirements.976.1.6.2Encryption of MAC header elements.986.1.7Traffic channel encryption control.986.2Mobility procedures.986.2.1General requirements.986.2.2Mobility within a location area.996.2.3Mobility between location areas.996.2.4Cell change with uninterrupted ciphering.1006.3Air interface encryption protocol.1016.3.1General.1016.3.1.1Positioning of encryption process.101SIST ETS 300 392-7:1999



Page 6ETS 300 392-7: December 19966.3.1.2Operation of encryption process.1026.3.2Service description and primitives.1036.3.2.1Mobility Management (MM).1036.3.2.2Mobile Link Entity (MLE).1036.3.2.3Layer 2.1046.3.3Protocol functions.1056.3.3.1MM.1056.3.3.2MLE.1056.3.3.3LLC.1056.3.3.4MAC.1056.3.4PDUs for cipher negotiation.1057End-to-end encryption.1067.1Introduction.1067.2Voice encryption and decryption mechanism.1067.2.1Protection against replay.1077.3Data encryption mechanism.1077.4Exchange of information between encryption units.1087.4.1Synchronization of encryption units.1087.4.2Encrypted information between encryption units.1097.4.3Transmission.1097.4.4Reception.1117.4.5Stolen frame format.1127.5Location of security components in the functional architecture.1137.6End-to-end key management.114History.115SIST ETS 300 392-7:1999



Page 7ETS 300 392-7: December 1996ForewordThis European Telecommunication Standard (ETS) has been produced by the Radio Equipment andSystems (RES) Technical Committee of the European Telecommunications Standards Institute (ETSI).This ETS is a multi-part standard and will consist of the following parts:Part 1:"General network design";Part 2:"Air Interface (AI)";Part 3:"Inter-working - Basic Operation", (DE/RES-06001-3);Part 4:"Gateways for Basic Services", (DE/RES-06001-4);Part 5:"Terminal equipment interface", (DE/RES-06001-5);Part 6:"Line connected stations", (DE/RES-06001-6);Part 7:"Security";Part 8:"Management services", (DE/RES-06001-8);Part 9:"Performance objectives", (DE/RES-06001-9);Part 10:"Supplementary Services (SS) Stage 1";Part 11:"Supplementary Services (SS) Stage 2";Part 12:"Supplementary Services (SS) Stage 3";Part 13:"SDL Model of the Air Interface";Part 14:"PICS Proforma" (DE/RES-06001-14);Part 15:"Inter-working - Extended Operations", (DE/RES-06001-15).Transposition datesDate of adoption22 November 1996Date of latest announcement of this ETS (doa):31 March 1997Date of latest publication of new National Standardor endorsement of this ETS (dop/e):30 September 1997Date of withdrawal of any conflicting National Standard (dow):30 September 1997SIST ETS 300 392-7:1999



Page 8ETS 300 392-7: December 1996Blank pageSIST ETS 300 392-7:1999



Page 9ETS 300 392-7: December 19961ScopeThis European Telecommunication Standard (ETS) defines the Trans-European Trunked Radio system(TETRA) supporting Voice plus Data (V+D). It specifies the air interface, the inter-working betweenTETRA systems and to other systems via gateways, the terminal equipment interface on the mobilestation, the connection of line stations to the infrastructure, the security aspects in TETRA networks, themanagement services offered to the operator, the performance objectives, and the supplementaryservices that come in addition to the basic and teleservices.This part describes the security mechanisms in TETRA V+D. It provides mechanisms for confidentiality ofcontrol signalling and user speech and data at the air interface, authentication and key managementmechanisms for the air interface, and end-to-end confidentiality mechanisms between users.Clause 4 describes the authentication and key management mechanisms for the TETRA air interface.The following two authentication services have been specified for the air-interface in ETR 086-3 [3], basedon a threat analysis:-authentication of a user by the TETRA infrastructure;-authentication of the TETRA infrastructure by a user.Clause 5 describes the mechanisms and protocol for a secure enable and disable of both the mobilestation equipment and the mobile station user’s subscription.Air interface encryption may be provided as an option in TETRA. Where employed, clause 6 describes theconfidentiality mechanisms using encryption on the air interface, for circuit mode speech, circuit modedata, packet data and control information. Clause 6 describes both encryption mechanisms and mobilityprocedures. It also details the protocol concerning control of encryption at the air interface.Clause 7 describes the end-to-end confidentiality for V+D. End-to-end confidentiality can be establishedbetween two users or a group of users. In clause 7 the logical part of the interface to the encryptionmechanism is described. Electrical and physical aspects of this interface are not described, nor are theencryption algorithms for end-to-end confidentiality described.This part of the ETS does not address the detail handling of protocol errors or any protocol mechanismswhen TETRA is operating in a degraded mode. These issues are implementation specific and thereforefall outside the scope of the TETRA standardization effort.The detail description of the Authentication Centre is outside the scope of this part of the ETS.2Normative referencesThis ETS incorporates by dated and undated reference, provisions from other publications. Thesenormative references are cited at the appropriate places in the text and the publications are listedhereafter. For dated references, subsequent amendments to or revisions of any of these publicationsapply to this ETS only when incorporated in it by amendment or revision. For undated references the latestedition of the publication referred to applies.[1]ETS 300 392-1: "Radio Equipment and Systems (RES); Trans-EuropeanTrunked Radio (TETRA); Voice plus Data (V+D); Part 1: General networkdesign".[2]ETS 300 392-2: "Radio Equipment and Systems (RES); Trans-EuropeanTrunked Radio (TETRA); Voice plus Data (V+D); Part 2: Air Interface (AI)".[3]ETR 086-3: "Radio Equipment and Systems (RES); Trans European TrunkedRadio (TETRA) systems; Technical requirements specification; Part 3: Securityaspects".[4]ISO 7498-2: "Information processing systems - Open Systems Interconnection -Basic reference model - Part 2: Security Architecture".SIST ETS 300 392-7:1999



Page 10ETS 300 392-7: December 1996[5]prETS 300 395-1: "Radio Equipment and Systems (RES); Trans-EuropeanTrunked Radio (TETRA); Speech codec for full-rate traffic channel; Part 1:General description of speech functions".[6]prETS 300 395-3: "Radio Equipment and Systems (RES); Trans-EuropeanTrunked Radio (TETRA); Speech codec for full-rate traffic channel; Part 3:Specific operating features".3Definitions and abbreviations3.1DefinitionsFor the purposes of this ETS, the following definitions apply:Authentication Code (AC): A (short) sequence to be entered by the user into the MS.Authentication Key (K): The primary secret, the knowledge of which has to be demonstrated forauthentication.CCK Identity (CCK-Id): Distributed with the CCK. It serves the identification of the active key and theprotection against replay of old keys.cipher key: A value that is used to determine the transformation of plain text to cipher text in acryptographic algorithm.cipher text: The data produced through the use of encipherment. The semantic content of the resultingdata is not available (see ISO 7498-2 [4]).Common Cipher Key (CCK): A cipher key that is generated by the infrastructure to protect groupaddressed signalling and traffic. There is one CCK for each location area.decipherment: The reversal of a corresponding reversible encipherment (see ISO 7498-2 [4]).Derived Cipher Key (DCK): DCK is generated during authentication for use in protection of individuallyaddressed signalling and traffic.derived key: A sequence of symbols that controls the KSG inside the end-to-end encryption unit and thatis derived from the cipher key.encipherment: The cryptographic transformation of data to produce cipher text (see ISO 7498-2 [4]).encryption mode: The choice between static (SCK) and dynamic (DCK/CCK) encipherment.encryption state: Encryption on or off.end-to-end encryption: The encryption within or at the source end system, with the correspondingdecryption occurring only within or at the destination end system.flywheel: A mechanism to keep the KSG in the receiving terminal synchronized with the KSG in thetransmitting terminal in case synchronization data is not received correctly.Group Cipher Key (GCK): A long lifetime cipher key generated by the infrastructure to protect groupaddressed signalling and traffic. Not used directly at the air interface but modified by CCK to give aModified Group Cipher Key (MGCK). There is one GCK for each GTSI.Initialization Value (IV): A sequence of symbols that initializes the KSG inside the encryption unit.key stream: A pseudo random stream of symbols that is generated by a KSG for encipherment anddecipherment.SIST ETS 300 392-7:1999



Page 11ETS 300 392-7: December 1996Key Stream Generator (KSG): A cryptographic algorithm which produces a stream of binary digits whichcan be used for encipherment and decipherment. The initial state of the KSG is determined by theinitialization value.Key Stream Segment (KSS): A key stream of arbitrary length.Manipulation Flag (MF): Used to indicate that the CCK has been incorrectly recovered.Personal Identification Number (PIN): Entered by the user into the MS and used to generate theauthentication Key (K) together with the User Authentication Key (UAK).plain text: The un-encrypted source data. The semantic content is available.proprietary algorithm: An algorithm which is the intelle
...